Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

nmsrvc.exe and Pure network Platform


  • Please log in to reply

#1
Buffalohead2

Buffalohead2

    New Member

  • Member
  • Pip
  • 5 posts
Having trouble with error message on boot and my Home PC is freezing each time I see error message :) Did the 5 step malware prep. Not sure where to post logs but I put them here ? . Tell me what to do from here please Again logs are ready, not sure where to post. :) Please advise. :)

Malwarebytes' Anti-Malware 1.44
Database version: 3728
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/11/2010 9:29:02 PM
mbam-log-2010-02-11 (21-29-02).txt

Scan type: Quick Scan
Objects scanned: 198554
Time elapsed: 4 minute(s), 5 second(s)

OTL Extras logfile created on: 2/11/2010 9:59:49 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Karl Kettner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.88 Gb Total Space | 27.75 Gb Free Space | 14.62% Space Free | Partition Type: NTFS
Drive D: | 2.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 74.46 Gb Total Space | 6.95 Gb Free Space | 9.34% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 121.69 Gb Free Space | 81.65% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: KETTNERSMACHINE
Current User Name: Karl Kettner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.com [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.reg [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\msohtmed.exe" %1 File not found
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\msohtmed.exe" /p %1 File not found
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat" = C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king -- (Electronic Arts Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{07041881-E9B4-4DF6-A845-CAAFD093E477}" = Microsoft Student with Encarta Premium 2007
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1E88F516-C8AA-4D17-9A54-8AB0768F34C1}" = Retrospect Express HD 1.0
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{214ED689-3F31-4ABC-A79D-870A73ECB086}" = TurboTax 2008 wctiper
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}" = palmOne
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E}" = The Lord of the Rings, The Rise of the Witch-king
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{9C244A38-C64F-45F7-8550-81BEE9E860F1}" = NetObjects Fusion 8
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B136E4A4-7660-4F15-9752-EF8E6BA7866D}" = Family Tree Maker 2005
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B348E585-E872-41DF-8234-E2D49917CFBB}" = Learning Essentials for Microsoft Office
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CBD8FD34-8559-4028-922B-50797D151E04}" = Memory Card Utility
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5090856-6E87-4AE1-B6FE-DD4149CB097A}" = LogViewer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"{F097A1D3-4355-4911-B620-852BB30083CA}" = NetObjects Fusion 8
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4A47B12-4314-4020-B458-EDF1C0F90BE5}" = ATI Catalyst Control Center
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"AOP" = Norton AddOn Pack
"ATI Display Driver" = ATI Display Driver
"BFME Extended Edition" = BFME Extended Edition
"Charter" = Charter Pipeline Professor
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Easy-WebPrint" = Easy-WebPrint
"ERUNT_is1" = ERUNT 1.1j
"Family Tree Maker" = Family Tree Maker 7.0
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"GTRemote Client" = DellConnect
"HijackThis" = HijackThis 1.99.1
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"Jasc Paint Shop Pro 9.01 - (9.0.1.1)" = Jasc Paint Shop Pro 9.01 - (9.0.1.1)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MXOFX" = USB Storage Adapter FX (MXO)
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® PRO Network Adapters and Drivers
"Q903235" = Internet Explorer Q903235
"Shockwave" = Shockwave
"ST6UNST #2" = MaXimus DVD Version 1.2
"TurboTax 2008" = TurboTax 2008
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2010 5:57:33 PM | Computer Name = KETTNERSMACHINE | Source = Application Error | ID = 1000
Description = Faulting application nmsrvc.exe, version 10.0.8093.0, faulting module
nmcore.dll, version 10.1.8116.1, fault address 0x0019a004.

Error - 2/7/2010 7:59:17 PM | Computer Name = KETTNERSMACHINE | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/7/2010 8:00:07 PM | Computer Name = KETTNERSMACHINE | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/7/2010 8:00:21 PM | Computer Name = KETTNERSMACHINE | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

Error - 2/7/2010 8:03:31 PM | Computer Name = KETTNERSMACHINE | Source = Application Error | ID = 1004
Description = Faulting application nmsrvc.exe, version 10.0.8093.0, faulting module
nmcore.dll, version 10.1.8116.1, fault address 0x0019a004.

Error - 2/7/2010 8:06:45 PM | Computer Name = KETTNERSMACHINE | Source = Application Error | ID = 1000
Description = Faulting application nmsrvc.exe, version 10.0.8093.0, faulting module
nmcore.dll, version 10.1.8116.1, fault address 0x0019a004.

Error - 2/7/2010 8:26:01 PM | Computer Name = KETTNERSMACHINE | Source = Application Error | ID = 1000
Description = Faulting application nmsrvc.exe, version 10.0.8093.0, faulting module
nmcore.dll, version 10.1.8116.1, fault address 0x0019a004.

Error - 2/7/2010 8:37:48 PM | Computer Name = KETTNERSMACHINE | Source = Application Error | ID = 1000
Description = Faulting application nmsrvc.exe, version 10.0.8093.0, faulting module
nmcore.dll, version 10.1.8116.1, fault address 0x0019a004.

Error - 2/7/2010 10:28:54 PM | Computer Name = KETTNERSMACHINE | Source = Application Error | ID = 1000
Description = Faulting application game.dat, version 2.1.2614.37001, faulting module
game.dat, version 2.1.2614.37001, fault address 0x0061f2dd.

Error - 2/9/2010 8:12:39 AM | Computer Name = KETTNERSMACHINE | Source = Application Error | ID = 1000
Description = Faulting application mcui32.exe, version 16.8.0.41, faulting module
symhtml.dll, version 3.8.0.2, fault address 0x000281fc.

[ System Events ]
Error - 2/11/2010 1:54:24 PM | Computer Name = KETTNERSMACHINE | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/11/2010 1:56:05 PM | Computer Name = KETTNERSMACHINE | Source = Service Control Manager | ID = 7022
Description = The Pure Networks Platform Service service hung on starting.

Error - 2/11/2010 1:56:05 PM | Computer Name = KETTNERSMACHINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 2/11/2010 1:56:32 PM | Computer Name = KETTNERSMACHINE | Source = Service Control Manager | ID = 7034
Description = The Linksys Updater service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/11/2010 1:56:32 PM | Computer Name = KETTNERSMACHINE | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/11/2010 7:09:45 PM | Computer Name = KETTNERSMACHINE | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/11/2010 7:11:02 PM | Computer Name = KETTNERSMACHINE | Source = Service Control Manager | ID = 7022
Description = The Pure Networks Platform Service service hung on starting.

Error - 2/11/2010 7:11:02 PM | Computer Name = KETTNERSMACHINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 2/11/2010 7:11:02 PM | Computer Name = KETTNERSMACHINE | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/11/2010 7:11:02 PM | Computer Name = KETTNERSMACHINE | Source = Service Control Manager | ID = 7034
Description = The Linksys Updater service terminated unexpectedly. It has done
this 1 time(s).


< End of report >


OTL.Txt
OTL logfile created on: 2/11/2010 9:59:49 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Karl Kettner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.88 Gb Total Space | 27.75 Gb Free Space | 14.62% Space Free | Partition Type: NTFS
Drive D: | 2.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 74.46 Gb Total Space | 6.95 Gb Free Space | 9.34% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 121.69 Gb Free Space | 81.65% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: KETTNERSMACHINE
Current User Name: Karl Kettner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/11 21:57:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl Kettner\Desktop\OTL.exe
PRC - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe
PRC - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe
PRC - [2009/11/28 15:38:44 | 000,186,744 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.7.0.23\ccProxy.exe
PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/08/22 03:26:07 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/14 17:07:31 | 000,099,624 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aprocessfactory.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2007/07/10 09:51:05 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/06/10 04:11:28 | 000,117,528 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCSVR.EXE
PRC - [2006/06/10 04:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
PRC - [2005/09/14 17:42:48 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\SYSTEM32\gearsec.exe
PRC - [2005/08/30 22:36:10 | 000,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
PRC - [2004/07/30 15:47:36 | 000,069,632 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
PRC - [2004/06/03 03:50:07 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2003/06/11 07:34:58 | 000,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/05/31 18:02:32 | 007,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
PRC - [2002/08/29 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/11 21:57:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl Kettner\Desktop\OTL.exe
MOD - [2009/11/21 10:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2009/08/22 03:26:04 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\asOEHook.dll
MOD - [2008/04/13 19:12:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\shimeng.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - [2010/02/09 20:58:25 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/11/28 15:38:44 | 000,186,744 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.7.0.23\ccProxy.exe -- (ccProxy)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/09/23 15:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/22 03:26:07 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/04/27 22:12:07 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/14 17:07:35 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/07 11:30:22 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/07/10 09:51:22 | 000,532,264 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/04/18 04:30:42 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/09 00:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/29 15:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/09/14 17:42:48 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\SYSTEM32\gearsec.exe -- (GEARSecurity)
SRV - [2005/08/30 22:36:10 | 000,376,832 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/08/30 21:05:00 | 000,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\ati2sgag.exe -- (ATI Smart)
SRV - [2004/07/30 15:47:36 | 000,110,592 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe -- (RetroExp Helper)
SRV - [2004/07/30 15:47:36 | 000,069,632 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe -- (RetroExpLauncher)
SRV - [2003/11/03 13:46:00 | 000,073,728 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/11 07:34:58 | 000,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2003/05/31 18:02:32 | 007,544,916 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/12/17 19:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)
SRV - [2002/10/21 09:36:50 | 000,049,152 | ---- | M] (CANON INC.) [Disabled | Stopped] -- C:\Program Files\Canon\BJCard\Bjmcmng.exe -- (Bjmcmng)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...?ie=UTF-8&hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Encarta Web Companion Helper Object) - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (Encarta Web Companion) - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Encarta Web Companion) - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [L07AXLRD_406312] C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [L07AXLRD_9822546] C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Karl Kettner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.micros.../i386/msaud.cab (Reg Error: Value error.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsi.cab (Reg Error: Value error.)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (Reg Error: Value error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1092375319687 (MSSecurityAdvisor Class)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...sa/LSSupCtl.cab (Reg Error: Value error.)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg...v45/yacscom.cab (Yahoo! Audio Conferencing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} http://www.exfol.com/v/1/i/eins008.exe (Reg Error: Value error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} http://dl.google.com...PluginIEWin.cab (Google Gadget Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1176648994890 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Yahoo! Audio UI1)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2} http://catalog.homed...live/ezinit.cab (Reg Error: Value error.)
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} http://64.154.241.30/wg_webeye.cab (Web Camera Server Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} http://ib2.dancik.co...gefull20816.cab (Actimage Room Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.app.../ITDetector.cab (iTunesDetector Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.s.../ActiveData.cab (Reg Error: Value error.)
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} http://www.musicmatc...tionControl.cab (moDiagCollectionActiveX Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.151.8.211 24.151.8.210 66.189.130.5
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Gone Fishing.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Gone Fishing.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/02 17:37:35 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2006/11/02 17:30:48 | 000,569,344 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006/11/02 17:37:21 | 000,000,180 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2006/10/28 21:39:19 | 000,880,640 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2007/05/31 13:15:50 | 000,000,118 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0199e147-bf2b-11dd-92c3-000cf1fb5d9a}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O33 - MountPoints2\{11064904-e882-11dd-9327-000cf1fb5d9a}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{11064904-e882-11dd-9327-000cf1fb5d9a}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2006/04/16 15:03:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (72342462038802432)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/11 21:57:43 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karl Kettner\Desktop\OTL.exe
[2010/02/10 16:31:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/10 16:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/09 22:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/09 20:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/09 17:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karl Kettner\Application Data\Malwarebytes
[2010/02/09 17:22:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/09 17:21:59 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/09 17:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/09 17:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/08 18:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Support
[2010/02/07 19:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karl Kettner\Application Data\IObit
[2010/02/07 19:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/08/20 06:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Downloaded Installations
[2009/05/04 06:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\eMusic
[2008/01/03 21:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/25 00:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/04/16 13:56:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/04/16 13:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/04/16 13:55:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2004/08/19 22:59:58 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
[2004/08/19 22:59:58 | 000,476,160 | ---- | C] (NetObjects) -- C:\Program Files\SiteSlurp.dll
[2004/08/19 22:59:58 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[2004/08/19 22:59:58 | 000,172,032 | ---- | C] (NetObjects) -- C:\Program Files\t2html.dll
[2004/08/19 22:59:58 | 000,069,632 | ---- | C] (NetObjects) -- C:\Program Files\t2edit.dll
[2004/08/19 22:59:58 | 000,032,768 | ---- | C] (NetObjects) -- C:\Program Files\NFXPort.dll
[2004/08/19 22:59:57 | 000,446,976 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn13n.dll
[2004/08/19 22:59:57 | 000,445,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg13n.dll
[2004/08/19 22:59:57 | 000,206,336 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltefx13n.dll
[2004/08/19 22:59:57 | 000,150,528 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil13n.DLL
[2004/08/19 22:59:56 | 000,269,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS13n.dll
[2004/08/19 22:59:55 | 001,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTCLR13n.dll
[2004/08/19 22:59:55 | 000,140,288 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif13n.dll
[2004/08/19 22:59:55 | 000,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftga13n.dll
[2004/08/19 22:59:54 | 000,055,808 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd13n.dll
[2004/08/19 22:59:54 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfras13n.dll
[2004/08/19 22:59:53 | 000,181,760 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng13n.dll
[2004/08/19 22:59:53 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct13n.dll
[2004/08/19 22:59:53 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx13n.dll
[2004/08/19 22:59:53 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd13n.dll
[2004/08/19 22:59:52 | 000,084,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lffpx13n.dll
[2004/08/19 22:59:52 | 000,047,616 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfeps13n.dll
[2004/08/19 22:59:52 | 000,047,104 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfgif13n.dll
[2004/08/19 22:59:50 | 010,850,304 | ---- | C] (NetObjects) -- C:\Program Files\Fusion.exe
[2004/08/19 22:59:50 | 000,417,792 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP13n.DLL
[2004/08/19 22:59:50 | 000,401,408 | ---- | C] (NetObjects) -- C:\Program Files\DAlib.dll
[2004/08/19 22:59:50 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp13n.dll

========== Files - Modified Within 14 Days ==========

[2010/02/11 21:57:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl Kettner\Desktop\OTL.exe
[2010/02/11 21:51:06 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3922693991-217629532-4035939359-1009UA.job
[2010/02/11 21:03:20 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/11 21:03:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/11 21:03:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/11 20:50:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3922693991-217629532-4035939359-1009Core.job
[2010/02/11 18:08:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/11 18:08:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/11 18:08:32 | 3220,230,144 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/11 07:43:13 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Karl Kettner\NTUSER.DAT
[2010/02/11 07:43:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Karl Kettner\NTUSER.INI
[2010/02/11 07:43:06 | 004,844,676 | -H-- | M] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\IconCache.db
[2010/02/10 22:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/10 16:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/10 16:30:33 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Karl Kettner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/10 10:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/10 09:57:06 | 000,816,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\Cat.DB
[2010/02/10 09:56:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/10 09:36:33 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\housecall.guid.cache
[2010/02/08 17:30:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/08 17:30:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/06 14:39:00 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 13:46:34 | 000,001,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/02/03 11:53:08 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\isolate.ini
[2010/01/30 17:20:35 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk

========== Files Created - No Company Name ==========

[2010/02/10 16:30:33 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/10 10:11:26 | 3220,230,144 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/10 09:36:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\housecall.guid.cache
[2010/02/09 20:58:50 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/09 20:58:50 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/05 21:41:06 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/03 14:31:20 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/03 13:46:34 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2009/08/28 22:05:26 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/28 09:30:45 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\FASTWiz.log
[2008/05/09 11:29:05 | 000,000,072 | ---- | C] () -- C:\WINDOWS\JascCmdPrint.INI
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/01 21:07:43 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/10/01 21:07:43 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/10/01 21:07:43 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/10/01 21:07:42 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/15 09:23:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/05/01 16:55:49 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/04/18 11:07:05 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/18 11:07:05 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/28 22:33:09 | 000,001,382 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/22 23:16:06 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/08/13 18:25:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/03/05 11:45:46 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/03/05 11:45:45 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/01/07 13:53:05 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2005/11/20 09:36:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/09/01 22:00:18 | 000,000,080 | ---- | C] () -- C:\WINDOWS\usta33.ini
[2005/08/22 19:02:04 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2005/08/03 17:48:37 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\VSCRDD32.DLL
[2005/08/03 17:48:36 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\esafedrv.dll
[2005/08/03 17:48:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\npen32.dll
[2005/08/03 17:48:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\enph.dll
[2005/08/03 17:48:36 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\em32.dll
[2005/07/14 22:55:20 | 000,008,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/06/08 19:36:43 | 000,000,081 | ---- | C] () -- C:\WINDOWS\RMAKER.INI
[2005/06/08 19:36:40 | 000,000,226 | ---- | C] () -- C:\WINDOWS\ANYTIME.INI
[2005/06/08 19:36:21 | 000,004,512 | ---- | C] () -- C:\WINDOWS\HMEW.DLL
[2005/05/18 18:51:21 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/05/18 18:51:20 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/05/18 18:50:47 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/04 13:45:46 | 000,029,493 | ---- | C] () -- C:\WINDOWS\_000116_.tmp.dll
[2005/04/27 23:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 23:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 23:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/04/19 07:43:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uesviewer.INI
[2005/03/04 07:47:02 | 000,029,138 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Application Data\Comma Separated Values (Windows).ADR
[2004/12/26 10:33:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/03 16:22:54 | 000,000,316 | ---- | C] () -- C:\WINDOWS\conscorr.ini
[2004/12/03 00:28:45 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GBFDEIJK.ini
[2004/09/15 22:10:04 | 000,000,000 | ---- | C] () -- C:\Program Files\MyDic.dic
[2004/09/15 21:45:51 | 000,000,000 | ---- | C] () -- C:\Program Files\018444
[2004/09/15 21:45:51 | 000,000,000 | ---- | C] () -- C:\Program Files\018232
[2004/09/15 18:35:25 | 000,000,000 | ---- | C] () -- C:\Program Files\012275
[2004/09/15 18:35:25 | 000,000,000 | ---- | C] () -- C:\Program Files\003370
[2004/09/15 16:55:07 | 000,162,059 | -H-- | C] () -- C:\Program Files\Fusion.GID
[2004/09/02 19:09:20 | 000,000,016 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2004/08/24 06:33:39 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/24 06:33:39 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/24 06:33:39 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/24 06:33:39 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/24 06:33:39 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/19 23:00:04 | 000,848,384 | ---- | C] () -- C:\Program Files\SBEditorForm.ocx
[2004/08/19 23:00:04 | 000,352,256 | ---- | C] () -- C:\Program Files\FSI.dll
[2004/08/19 23:00:04 | 000,069,632 | ---- | C] () -- C:\Program Files\JaxCompiler.ocx
[2004/08/19 23:00:04 | 000,045,056 | ---- | C] () -- C:\Program Files\CoFTP.dll
[2004/08/19 22:59:58 | 000,374,272 | ---- | C] () -- C:\Program Files\NOFPR.DLL
[2004/08/19 22:59:58 | 000,196,608 | ---- | C] () -- C:\Program Files\NOFPD.DLL
[2004/08/19 22:59:58 | 000,184,320 | ---- | C] () -- C:\Program Files\patchw32.dll
[2004/08/19 22:59:58 | 000,167,936 | ---- | C] () -- C:\Program Files\nfxtools.dll
[2004/08/19 22:59:58 | 000,147,456 | ---- | C] () -- C:\Program Files\UTCmprss.dll
[2004/08/19 22:59:58 | 000,118,784 | ---- | C] () -- C:\Program Files\Pdlib.dll
[2004/08/19 22:59:58 | 000,086,016 | ---- | C] () -- C:\Program Files\PublishManager.dll
[2004/08/19 22:59:58 | 000,055,012 | ---- | C] () -- C:\Program Files\nfxrect.tlb
[2004/08/19 22:59:58 | 000,032,768 | ---- | C] () -- C:\Program Files\OdbcDsnRetriever.dll
[2004/08/19 22:59:58 | 000,028,672 | ---- | C] () -- C:\Program Files\Uninst.dll
[2004/08/19 22:59:58 | 000,023,664 | ---- | C] () -- C:\Program Files\nfusion.tlb
[2004/08/19 22:59:58 | 000,022,876 | ---- | C] () -- C:\Program Files\sbeditorform.mld
[2004/08/19 22:59:58 | 000,020,480 | ---- | C] () -- C:\Program Files\PtRes.dll
[2004/08/19 22:59:58 | 000,009,463 | ---- | C] () -- C:\Program Files\Recover.txt
[2004/08/19 22:59:55 | 000,012,739 | ---- | C] () -- C:\Program Files\License.txt
[2004/08/19 22:59:53 | 000,118,784 | ---- | C] () -- C:\Program Files\lfkodak.dll
[2004/08/19 22:59:52 | 000,338,944 | ---- | C] () -- C:\Program Files\lffpx7.dll
[2004/08/19 22:59:50 | 000,904,989 | ---- | C] () -- C:\Program Files\Fusion.hlp
[2004/08/19 22:59:50 | 000,159,744 | ---- | C] () -- C:\Program Files\asrv.dll
[2004/08/19 22:59:50 | 000,155,648 | ---- | C] () -- C:\Program Files\UTUnpack.dll
[2004/08/19 22:59:50 | 000,034,376 | ---- | C] () -- C:\Program Files\Fusion.cnt
[2004/08/12 07:27:12 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\fusioncache.dat
[2004/07/25 21:09:05 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/07/20 21:01:34 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2004/07/20 21:00:06 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/07/20 21:00:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/07/18 09:53:13 | 000,025,399 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2004/07/12 18:29:05 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2004/07/12 18:22:02 | 000,000,229 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2004/07/12 15:43:39 | 000,056,411 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/07/12 12:23:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/07/10 20:16:24 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/10 19:16:11 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2004/07/10 18:33:12 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004/07/10 13:00:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/07/10 12:54:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4y.DLL
[2004/07/10 09:50:09 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
[2004/07/10 09:44:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/07/06 19:18:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/06 19:07:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/06 18:59:00 | 000,000,166 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/07/06 18:55:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/06 18:40:01 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/06 18:24:24 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 16:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 12:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/08/14 17:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/07/26 11:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2006/08/03 23:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/12/06 19:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2008/03/15 13:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/01/07 11:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/05/11 09:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/04/28 07:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Digital Technologies
[2008/12/10 21:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2006/04/16 13:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/04/16 13:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/04/16 13:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2006/04/16 13:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/07/20 09:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/06 21:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/08/20 06:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2010/02/08 17:28:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/04/16 13:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Active Disk
[2006/04/16 13:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Aim
[2009/03/07 11:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Amazon
[2006/04/16 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Canon
[2009/05/16 11:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\eMusic
[2006/04/16 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\FTW
[2006/08/03 23:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\HotSync
[2006/04/16 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\InterTrust
[2010/02/07 19:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\IObit
[2006/04/16 13:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Leadertech
[2006/04/16 13:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Musicmatch
[2006/05/14 13:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\My Battle for Middle-earth™ II Files
[2007/01/30 18:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
[2007/05/01 16:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\OfficeUpdate12
[2007/08/28 20:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\OurPictures
[2008/07/03 18:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Panasonic
[2006/04/16 13:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\ScanSoft
[2008/07/19 07:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Search Settings
[2006/04/16 13:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Ulead Systems
[2010/02/10 22:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/08 17:30:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/02/10 10:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/02/10 16:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/02/08 17:30:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2005/12/23 11:49:52 | 000,031,864 | ---- | M] (Symantec Corporation) -- C:\symlcsv1.exe


< MD5 for: AGP440.SYS >
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/18 06:46:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/18 06:46:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
[2001/08/17 13:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/18 06:46:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/18 06:46:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sp2.cab:atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
[2003/04/23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
[2002/08/29 05:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 05:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2002/08/29 05:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 08:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 08:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 08:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
< End of report >

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-11 01:03:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KARLKE~1\LOCALS~1\Temp\ugndykow.sys


---- System - GMER 1.0.15 ----

SSDT 8A9861F0 ZwAlertResumeThread
SSDT 8A986228 ZwAlertThread
SSDT 8A9C0288 ZwAllocateVirtualMemory
SSDT 8A998FD0 ZwAssignProcessToJobObject
SSDT 8AEB65B0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA9035130]
SSDT 8ACC7820 ZwCreateMutant
SSDT 8A998B00 ZwCreateSymbolicLinkObject
SSDT 8A9E60B0 ZwCreateThread
SSDT 8A9F13B0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA90353B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA9035910]
SSDT 8A9D42D0 ZwDuplicateObject
SSDT 8A976248 ZwFreeVirtualMemory
SSDT 8ACC78F0 ZwImpersonateAnonymousToken
SSDT 8A984218 ZwImpersonateThread
SSDT 8ABFF0C0 ZwLoadDriver
SSDT 8A9D52C8 ZwMapViewOfSection
SSDT 8A9DB7E0 ZwOpenEvent
SSDT 8A99D310 ZwOpenProcess
SSDT 8A9D4210 ZwOpenProcessToken
SSDT 8A9D6C70 ZwOpenSection
SSDT 8A99D240 ZwOpenThread
SSDT 8A998F00 ZwProtectVirtualMemory
SSDT 8AA27208 ZwResumeThread
SSDT 8A9D8328 ZwSetContextThread
SSDT 8A99B6F0 ZwSetInformationProcess
SSDT 8A9F1470 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA9035B60]
SSDT 8A9DB720 ZwSuspendProcess
SSDT 8A9862E8 ZwSuspendThread
SSDT 8A9C51F8 ZwTerminateProcess
SSDT 8A9D8268 ZwTerminateThread
SSDT 8A9D5208 ZwUnmapViewOfSection
SSDT 8A976318 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs A32DE400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[email protected] C:\WINDOWS\\BBStore\DSS\dssagent.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1

---- EOF - GMER 1.0.15 ----

Edited by Buffalohead2, 11 February 2010 - 09:34 PM.

  • 0

Advertisements


#2
Buffalohead2

Buffalohead2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OTL logfile created on: 2/11/2010 9:59:49 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Karl Kettner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.88 Gb Total Space | 27.75 Gb Free Space | 14.62% Space Free | Partition Type: NTFS
Drive D: | 2.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 74.46 Gb Total Space | 6.95 Gb Free Space | 9.34% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 121.69 Gb Free Space | 81.65% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: KETTNERSMACHINE
Current User Name: Karl Kettner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/11 21:57:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl Kettner\Desktop\OTL.exe
PRC - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe
PRC - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe
PRC - [2009/11/28 15:38:44 | 000,186,744 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.7.0.23\ccProxy.exe
PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/08/22 03:26:07 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/14 17:07:31 | 000,099,624 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aprocessfactory.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2007/07/10 09:51:05 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/06/10 04:11:28 | 000,117,528 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCSVR.EXE
PRC - [2006/06/10 04:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
PRC - [2005/09/14 17:42:48 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\SYSTEM32\gearsec.exe
PRC - [2005/08/30 22:36:10 | 000,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
PRC - [2004/07/30 15:47:36 | 000,069,632 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
PRC - [2004/06/03 03:50:07 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2003/06/11 07:34:58 | 000,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/05/31 18:02:32 | 007,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
PRC - [2002/08/29 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/11 21:57:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl Kettner\Desktop\OTL.exe
MOD - [2009/11/21 10:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2009/08/22 03:26:04 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\asOEHook.dll
MOD - [2008/04/13 19:12:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\shimeng.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - [2010/02/09 20:58:25 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/11/28 15:38:44 | 000,186,744 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.7.0.23\ccProxy.exe -- (ccProxy)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/09/23 15:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/22 03:26:07 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/04/27 22:12:07 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/14 17:07:35 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/07 11:30:22 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/07/10 09:51:22 | 000,532,264 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/04/18 04:30:42 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/09 00:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/29 15:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/09/14 17:42:48 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\SYSTEM32\gearsec.exe -- (GEARSecurity)
SRV - [2005/08/30 22:36:10 | 000,376,832 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/08/30 21:05:00 | 000,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\ati2sgag.exe -- (ATI Smart)
SRV - [2004/07/30 15:47:36 | 000,110,592 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe -- (RetroExp Helper)
SRV - [2004/07/30 15:47:36 | 000,069,632 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe -- (RetroExpLauncher)
SRV - [2003/11/03 13:46:00 | 000,073,728 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/11 07:34:58 | 000,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2003/05/31 18:02:32 | 007,544,916 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/12/17 19:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)
SRV - [2002/10/21 09:36:50 | 000,049,152 | ---- | M] (CANON INC.) [Disabled | Stopped] -- C:\Program Files\Canon\BJCard\Bjmcmng.exe -- (Bjmcmng)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...?ie=UTF-8&hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Encarta Web Companion Helper Object) - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (Encarta Web Companion) - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Encarta Web Companion) - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [L07AXLRD_406312] C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [L07AXLRD_9822546] C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Karl Kettner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.micros.../i386/msaud.cab (Reg Error: Value error.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsi.cab (Reg Error: Value error.)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (Reg Error: Value error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1092375319687 (MSSecurityAdvisor Class)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...sa/LSSupCtl.cab (Reg Error: Value error.)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg...v45/yacscom.cab (Yahoo! Audio Conferencing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} http://www.exfol.com/v/1/i/eins008.exe (Reg Error: Value error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} http://dl.google.com...PluginIEWin.cab (Google Gadget Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1176648994890 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Yahoo! Audio UI1)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2} http://catalog.homed...live/ezinit.cab (Reg Error: Value error.)
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} http://64.154.241.30/wg_webeye.cab (Web Camera Server Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} http://ib2.dancik.co...gefull20816.cab (Actimage Room Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.app.../ITDetector.cab (iTunesDetector Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.s.../ActiveData.cab (Reg Error: Value error.)
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} http://www.musicmatc...tionControl.cab (moDiagCollectionActiveX Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.151.8.211 24.151.8.210 66.189.130.5
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Gone Fishing.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Gone Fishing.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/02 17:37:35 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2006/11/02 17:30:48 | 000,569,344 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006/11/02 17:37:21 | 000,000,180 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2006/10/28 21:39:19 | 000,880,640 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2007/05/31 13:15:50 | 000,000,118 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0199e147-bf2b-11dd-92c3-000cf1fb5d9a}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O33 - MountPoints2\{11064904-e882-11dd-9327-000cf1fb5d9a}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{11064904-e882-11dd-9327-000cf1fb5d9a}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2006/04/16 15:03:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (72342462038802432)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/11 21:57:43 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karl Kettner\Desktop\OTL.exe
[2010/02/10 16:31:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/10 16:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/09 22:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/09 20:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/09 17:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karl Kettner\Application Data\Malwarebytes
[2010/02/09 17:22:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/09 17:21:59 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/09 17:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/09 17:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/08 18:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Support
[2010/02/07 19:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karl Kettner\Application Data\IObit
[2010/02/07 19:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/08/20 06:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Downloaded Installations
[2009/05/04 06:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\eMusic
[2008/01/03 21:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/25 00:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/04/16 13:56:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/04/16 13:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/04/16 13:55:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2004/08/19 22:59:58 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
[2004/08/19 22:59:58 | 000,476,160 | ---- | C] (NetObjects) -- C:\Program Files\SiteSlurp.dll
[2004/08/19 22:59:58 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[2004/08/19 22:59:58 | 000,172,032 | ---- | C] (NetObjects) -- C:\Program Files\t2html.dll
[2004/08/19 22:59:58 | 000,069,632 | ---- | C] (NetObjects) -- C:\Program Files\t2edit.dll
[2004/08/19 22:59:58 | 000,032,768 | ---- | C] (NetObjects) -- C:\Program Files\NFXPort.dll
[2004/08/19 22:59:57 | 000,446,976 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn13n.dll
[2004/08/19 22:59:57 | 000,445,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg13n.dll
[2004/08/19 22:59:57 | 000,206,336 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltefx13n.dll
[2004/08/19 22:59:57 | 000,150,528 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil13n.DLL
[2004/08/19 22:59:56 | 000,269,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS13n.dll
[2004/08/19 22:59:55 | 001,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTCLR13n.dll
[2004/08/19 22:59:55 | 000,140,288 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif13n.dll
[2004/08/19 22:59:55 | 000,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftga13n.dll
[2004/08/19 22:59:54 | 000,055,808 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd13n.dll
[2004/08/19 22:59:54 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfras13n.dll
[2004/08/19 22:59:53 | 000,181,760 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng13n.dll
[2004/08/19 22:59:53 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct13n.dll
[2004/08/19 22:59:53 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx13n.dll
[2004/08/19 22:59:53 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd13n.dll
[2004/08/19 22:59:52 | 000,084,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lffpx13n.dll
[2004/08/19 22:59:52 | 000,047,616 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfeps13n.dll
[2004/08/19 22:59:52 | 000,047,104 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfgif13n.dll
[2004/08/19 22:59:50 | 010,850,304 | ---- | C] (NetObjects) -- C:\Program Files\Fusion.exe
[2004/08/19 22:59:50 | 000,417,792 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP13n.DLL
[2004/08/19 22:59:50 | 000,401,408 | ---- | C] (NetObjects) -- C:\Program Files\DAlib.dll
[2004/08/19 22:59:50 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp13n.dll

========== Files - Modified Within 14 Days ==========

[2010/02/11 21:57:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl Kettner\Desktop\OTL.exe
[2010/02/11 21:51:06 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3922693991-217629532-4035939359-1009UA.job
[2010/02/11 21:03:20 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/11 21:03:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/11 21:03:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/11 20:50:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3922693991-217629532-4035939359-1009Core.job
[2010/02/11 18:08:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/11 18:08:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/11 18:08:32 | 3220,230,144 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/11 07:43:13 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Karl Kettner\NTUSER.DAT
[2010/02/11 07:43:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Karl Kettner\NTUSER.INI
[2010/02/11 07:43:06 | 004,844,676 | -H-- | M] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\IconCache.db
[2010/02/10 22:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/10 16:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/10 16:30:33 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Karl Kettner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/10 10:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/10 09:57:06 | 000,816,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\Cat.DB
[2010/02/10 09:56:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/10 09:36:33 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\housecall.guid.cache
[2010/02/08 17:30:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/08 17:30:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/06 14:39:00 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 13:46:34 | 000,001,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/02/03 11:53:08 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\isolate.ini
[2010/01/30 17:20:35 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk

========== Files Created - No Company Name ==========

[2010/02/10 16:30:33 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/10 10:11:26 | 3220,230,144 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/10 09:36:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\housecall.guid.cache
[2010/02/09 20:58:50 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/09 20:58:50 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/05 21:41:06 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/03 14:31:20 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/03 13:46:34 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2009/08/28 22:05:26 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/28 09:30:45 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\FASTWiz.log
[2008/05/09 11:29:05 | 000,000,072 | ---- | C] () -- C:\WINDOWS\JascCmdPrint.INI
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/01 21:07:43 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/10/01 21:07:43 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/10/01 21:07:43 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/10/01 21:07:42 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/15 09:23:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/05/01 16:55:49 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/04/18 11:07:05 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/18 11:07:05 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/28 22:33:09 | 000,001,382 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/22 23:16:06 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/08/13 18:25:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/03/05 11:45:46 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/03/05 11:45:45 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/01/07 13:53:05 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2005/11/20 09:36:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/09/01 22:00:18 | 000,000,080 | ---- | C] () -- C:\WINDOWS\usta33.ini
[2005/08/22 19:02:04 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2005/08/03 17:48:37 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\VSCRDD32.DLL
[2005/08/03 17:48:36 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\esafedrv.dll
[2005/08/03 17:48:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\npen32.dll
[2005/08/03 17:48:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\enph.dll
[2005/08/03 17:48:36 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\em32.dll
[2005/07/14 22:55:20 | 000,008,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/06/08 19:36:43 | 000,000,081 | ---- | C] () -- C:\WINDOWS\RMAKER.INI
[2005/06/08 19:36:40 | 000,000,226 | ---- | C] () -- C:\WINDOWS\ANYTIME.INI
[2005/06/08 19:36:21 | 000,004,512 | ---- | C] () -- C:\WINDOWS\HMEW.DLL
[2005/05/18 18:51:21 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/05/18 18:51:20 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/05/18 18:50:47 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/04 13:45:46 | 000,029,493 | ---- | C] () -- C:\WINDOWS\_000116_.tmp.dll
[2005/04/27 23:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 23:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 23:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/04/19 07:43:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uesviewer.INI
[2005/03/04 07:47:02 | 000,029,138 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Application Data\Comma Separated Values (Windows).ADR
[2004/12/26 10:33:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/03 16:22:54 | 000,000,316 | ---- | C] () -- C:\WINDOWS\conscorr.ini
[2004/12/03 00:28:45 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GBFDEIJK.ini
[2004/09/15 22:10:04 | 000,000,000 | ---- | C] () -- C:\Program Files\MyDic.dic
[2004/09/15 21:45:51 | 000,000,000 | ---- | C] () -- C:\Program Files\018444
[2004/09/15 21:45:51 | 000,000,000 | ---- | C] () -- C:\Program Files\018232
[2004/09/15 18:35:25 | 000,000,000 | ---- | C] () -- C:\Program Files\012275
[2004/09/15 18:35:25 | 000,000,000 | ---- | C] () -- C:\Program Files\003370
[2004/09/15 16:55:07 | 000,162,059 | -H-- | C] () -- C:\Program Files\Fusion.GID
[2004/09/02 19:09:20 | 000,000,016 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2004/08/24 06:33:39 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/24 06:33:39 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/24 06:33:39 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/24 06:33:39 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/24 06:33:39 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/19 23:00:04 | 000,848,384 | ---- | C] () -- C:\Program Files\SBEditorForm.ocx
[2004/08/19 23:00:04 | 000,352,256 | ---- | C] () -- C:\Program Files\FSI.dll
[2004/08/19 23:00:04 | 000,069,632 | ---- | C] () -- C:\Program Files\JaxCompiler.ocx
[2004/08/19 23:00:04 | 000,045,056 | ---- | C] () -- C:\Program Files\CoFTP.dll
[2004/08/19 22:59:58 | 000,374,272 | ---- | C] () -- C:\Program Files\NOFPR.DLL
[2004/08/19 22:59:58 | 000,196,608 | ---- | C] () -- C:\Program Files\NOFPD.DLL
[2004/08/19 22:59:58 | 000,184,320 | ---- | C] () -- C:\Program Files\patchw32.dll
[2004/08/19 22:59:58 | 000,167,936 | ---- | C] () -- C:\Program Files\nfxtools.dll
[2004/08/19 22:59:58 | 000,147,456 | ---- | C] () -- C:\Program Files\UTCmprss.dll
[2004/08/19 22:59:58 | 000,118,784 | ---- | C] () -- C:\Program Files\Pdlib.dll
[2004/08/19 22:59:58 | 000,086,016 | ---- | C] () -- C:\Program Files\PublishManager.dll
[2004/08/19 22:59:58 | 000,055,012 | ---- | C] () -- C:\Program Files\nfxrect.tlb
[2004/08/19 22:59:58 | 000,032,768 | ---- | C] () -- C:\Program Files\OdbcDsnRetriever.dll
[2004/08/19 22:59:58 | 000,028,672 | ---- | C] () -- C:\Program Files\Uninst.dll
[2004/08/19 22:59:58 | 000,023,664 | ---- | C] () -- C:\Program Files\nfusion.tlb
[2004/08/19 22:59:58 | 000,022,876 | ---- | C] () -- C:\Program Files\sbeditorform.mld
[2004/08/19 22:59:58 | 000,020,480 | ---- | C] () -- C:\Program Files\PtRes.dll
[2004/08/19 22:59:58 | 000,009,463 | ---- | C] () -- C:\Program Files\Recover.txt
[2004/08/19 22:59:55 | 000,012,739 | ---- | C] () -- C:\Program Files\License.txt
[2004/08/19 22:59:53 | 000,118,784 | ---- | C] () -- C:\Program Files\lfkodak.dll
[2004/08/19 22:59:52 | 000,338,944 | ---- | C] () -- C:\Program Files\lffpx7.dll
[2004/08/19 22:59:50 | 000,904,989 | ---- | C] () -- C:\Program Files\Fusion.hlp
[2004/08/19 22:59:50 | 000,159,744 | ---- | C] () -- C:\Program Files\asrv.dll
[2004/08/19 22:59:50 | 000,155,648 | ---- | C] () -- C:\Program Files\UTUnpack.dll
[2004/08/19 22:59:50 | 000,034,376 | ---- | C] () -- C:\Program Files\Fusion.cnt
[2004/08/12 07:27:12 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\fusioncache.dat
[2004/07/25 21:09:05 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/07/20 21:01:34 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2004/07/20 21:00:06 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/07/20 21:00:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/07/18 09:53:13 | 000,025,399 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2004/07/12 18:29:05 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2004/07/12 18:22:02 | 000,000,229 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2004/07/12 15:43:39 | 000,056,411 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/07/12 12:23:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/07/10 20:16:24 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Karl Kettner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/10 19:16:11 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2004/07/10 18:33:12 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004/07/10 13:00:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/07/10 12:54:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4y.DLL
[2004/07/10 09:50:09 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
[2004/07/10 09:44:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/07/06 19:18:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/06 19:07:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/06 18:59:00 | 000,000,166 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/07/06 18:55:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/06 18:40:01 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/06 18:24:24 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 16:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 12:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/08/14 17:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/07/26 11:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2006/08/03 23:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/12/06 19:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2008/03/15 13:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/01/07 11:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/05/11 09:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/04/28 07:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Digital Technologies
[2008/12/10 21:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2006/04/16 13:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/04/16 13:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/04/16 13:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2006/04/16 13:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/07/20 09:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/06 21:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/08/20 06:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2010/02/08 17:28:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/04/16 13:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Active Disk
[2006/04/16 13:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Aim
[2009/03/07 11:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Amazon
[2006/04/16 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Canon
[2009/05/16 11:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\eMusic
[2006/04/16 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\FTW
[2006/08/03 23:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\HotSync
[2006/04/16 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\InterTrust
[2010/02/07 19:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\IObit
[2006/04/16 13:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Leadertech
[2006/04/16 13:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Musicmatch
[2006/05/14 13:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\My Battle for Middle-earth™ II Files
[2007/01/30 18:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
[2007/05/01 16:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\OfficeUpdate12
[2007/08/28 20:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\OurPictures
[2008/07/03 18:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Panasonic
[2006/04/16 13:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\ScanSoft
[2008/07/19 07:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Search Settings
[2006/04/16 13:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karl Kettner\Application Data\Ulead Systems
[2010/02/10 22:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/08 17:30:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/02/10 10:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/02/10 16:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/02/08 17:30:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2005/12/23 11:49:52 | 000,031,864 | ---- | M] (Symantec Corporation) -- C:\symlcsv1.exe


< MD5 for: AGP440.SYS >
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/18 06:46:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/18 06:46:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
[2001/08/17 13:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/18 06:46:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/18 06:46:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/12/25 15:53:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sp2.cab:atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
[2003/04/23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
[2002/08/29 05:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 05:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2002/08/29 05:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 08:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 08:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 08:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP